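/**
 * Authenticates a user by performing an LDAP simple bind with the given DN and password.
 *
 * <p>A {@code null} or empty password is rejected before the server is contacted. A simple bind
 * that carries a DN but no password is an "unauthenticated bind" (RFC 4513, section 5.1.2), and
 * some directory servers answer it with success. Treating that answer as a login would let
 * anyone in who knows a valid DN. The UnboundID SDK refuses such requests by default
 * ({@code LDAPConnectionOptions#setBindWithDNRequiresPassword}), but this check does not depend
 * on how the connection passed in was configured.
 *
 * @param ldap     connection to bind on; this method neither closes nor re-binds it afterwards
 * @param userDN   full DN to bind as; it is passed to the server unchanged, so a caller that
 *                 builds it from a user name is responsible for escaping that value
 * @param password the user's password
 * @return {@code true} only when the bind result code is {@code SUCCESS}
 * @throws LDAPException propagated from {@code bind}. NOTE(review): the SDK appears to report
 *                       rejected credentials by exception rather than by result code, so callers
 *                       must treat an exception as "not authenticated" - confirm at call sites.
 */
boolean authenticate(final LDAPConnection ldap, final String userDN, final String password) throws LDAPException {
    // Never send a DN with an empty password: see the unauthenticated-bind note above.
    if (password == null || password.isEmpty()) {
        LOG.warn("Access denied: " + userDN);
        return false;
    }

    final BindResult bindResult = ldap.bind(userDN, password);
    if (bindResult.getResultCode().equals(ResultCode.SUCCESS)) {
        // Debug level only: user names of successful logins should not appear in the regular log.
        LOG.debug("Login successful: " + userDN);
        return true;
    }

    // NOTE(review): userDN is concatenated into the message as-is; confirm the log layout
    // neutralises line breaks so a crafted user name cannot forge log entries.
    LOG.warn("Access denied: " + userDN);
    return false;
}
} // closes the enclosing class, whose header is outside this excerpt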
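/**
 * Checks a user's credentials by attempting a simple bind as {@code userDn}.
 *
 * <p>An empty or {@code null} password is refused locally. A simple bind with a DN and no
 * password is an unauthenticated bind (RFC 4513, section 5.1.2) that some servers accept, which
 * would make this method return {@code true} without any proof of identity. The SDK default
 * ({@code LDAPConnectionOptions#setBindWithDNRequiresPassword}) already blocks it, but the
 * connection is supplied by the caller and its options are not visible here.
 *
 * @param ldapConnection connection to bind on; it is left open for the caller
 * @param userDn         DN to bind as, sent to the server unchanged
 * @param password       the password to verify
 * @return {@code true} if the bind completed without an exception, {@code false} otherwise
 */
private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
    if (Strings.isNullOrEmpty(password)) {
        // Deliberately no user name or DN in this message.
        log.error("Error authenticating user: empty password rejected");
        return false;
    }

    try {
        // A successful bind proves knowledge of the password for exactly this DN. It does not
        // sanitise userDn: wherever the DN or a search filter is assembled from a user name,
        // that value still has to be escaped by the code that assembles it.
        ldapConnection.bind(userDn, password);
        return true;
    } catch (LDAPException e) {
        // Prefer the server's diagnostic text; fall back to a generic message with the stack trace.
        if (!Strings.isNullOrEmpty(e.getDiagnosticMessage())) {
            log.error(e.getDiagnosticMessage());
        } else {
            log.error("Error authenticating user", e);
        }
        return false;
    }
}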
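/**
 * Verifies a password by binding to the directory as {@code userDn}.
 *
 * <p>Blank passwords never reach the server: a DN sent with an empty password is an
 * unauthenticated bind (RFC 4513, section 5.1.2), which a permissive server may answer with
 * success. The SDK rejects that combination by default
 * ({@code LDAPConnectionOptions#setBindWithDNRequiresPassword}); the explicit check keeps the
 * result correct even if the supplied connection was created with that option switched off.
 *
 * @param ldapConnection caller-owned connection used for the bind; not closed here
 * @param userDn         DN of the account, passed through without modification
 * @param password       password to check
 * @return {@code true} when the bind raised no {@link LDAPException}, otherwise {@code false}
 */
private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
    final boolean passwordMissing = Strings.isNullOrEmpty(password);
    if (passwordMissing) {
        // The message intentionally carries no account identifier.
        log.error("Error authenticating user: empty password rejected");
        return false;
    }

    try {
        // Binding confirms the password for this DN only. Escaping of any user-supplied value
        // inside userDn (or inside a filter used to find it) remains the caller's job; the bind
        // itself offers no protection against a malformed or manipulated DN.
        ldapConnection.bind(userDn, password);
        return true;
    } catch (LDAPException e) {
        final String diagnostic = e.getDiagnosticMessage();
        if (Strings.isNullOrEmpty(diagnostic)) {
            log.error("Error authenticating user", e);
        } else {
            log.error(diagnostic);
        }
        return false;
    }
}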
/**
 * Initialise the LDAP directory tester: connect to the directory server at {@code hostname} and
 * {@code port}, then bind to it as {@code bindDN} with {@code password}. Connecting is delegated
 * to the {@code (hostname, port, retries, timeout)} constructor, which is documented to retry at
 * most {@code retries} times with a timeout of {@code timeout} per attempt.
 *
 * @param hostname The host name of the directory server.
 * @param port     The TCP port number of the directory server.
 * @param bindDN   The DN used to bind to the LDAP directory server.
 * @param password The password used to bind to the LDAP directory server.
 * @param retries  The maximum number of connection attempts.
 * @param timeout  The timeout for each connection attempt.
 * @throws DirectoryTesterException If there was a problem connecting or binding to the LDAP
 *                                  directory server.
 * @since 1.0.1
 */
public DirectoryTester(final String hostname, final int port, final String bindDN, final String password,
                       final int retries, final int timeout) {
    this(hostname, port, retries, timeout);

    try {
        connection.bind(bindDN, password);
    } catch (final LDAPException bindFailure) {
        // NOTE(review): the connection opened by the delegating constructor is not closed on
        // this path, and the caller never receives the half-built object - confirm whether it
        // should be closed before rethrowing.
        throw new DirectoryTesterException("Could not bind to LDAP directory server", bindFailure);
    }
}
throws LDAPException return bind(new SimpleBindRequest(bindDN, password));
/**
 * Builds a mocked {@link LDAPConnection} whose two-string {@code bind} always returns a
 * {@link BindResult} carrying the given result code.
 *
 * @param resultCode result code the stubbed bind result reports
 * @return the mocked connection
 * @throws LDAPException declared only because the stubbed {@code bind} signature declares it
 */
private LDAPConnection someLdapConnectionReturning(final ResultCode resultCode) throws LDAPException {
    final BindResult stubbedResult = mock(BindResult.class);
    when(stubbedResult.getResultCode()).thenReturn(resultCode);

    final LDAPConnection connection = mock(LDAPConnection.class);
    when(connection.bind(anyString(), anyString())).thenReturn(stubbedResult);
    return connection;
}
throws LDAPException return bind(new SimpleBindRequest(bindDN, password));
/**
 * Builds a mocked {@link LDAPConnection} with two bind behaviours, selected by the DN argument:
 * a DN containing {@code bindDnSuccess} yields a {@code SUCCESS} result, a DN containing
 * {@code bindDnException} makes {@code bind} throw an {@link LDAPBindException} whose bind
 * result reports {@code INVALID_CREDENTIALS}.
 *
 * @param bindDnSuccess   substring of the DNs that should bind successfully
 * @param bindDnException substring of the DNs whose bind should be rejected by exception
 * @return the mocked connection
 * @throws LDAPException declared only because the stubbed {@code bind} signature declares it
 */
private LDAPConnection someLdapConnectionReturningSuccessOrThrowingBindException(final String bindDnSuccess,
                                                                                 final String bindDnException)
        throws LDAPException {
    final LDAPConnection connection = mock(LDAPConnection.class);

    // Accepted bind: plain SUCCESS result.
    final BindResult accepted = mock(BindResult.class);
    when(accepted.getResultCode()).thenReturn(ResultCode.SUCCESS);
    when(connection.bind(contains(bindDnSuccess), anyString())).thenReturn(accepted);

    // Rejected bind: reported through an exception that wraps an INVALID_CREDENTIALS result.
    final BindResult rejected = mock(BindResult.class);
    when(rejected.getResultCode()).thenReturn(ResultCode.INVALID_CREDENTIALS);
    final LDAPBindException rejection = mock(LDAPBindException.class);
    when(rejection.getBindResult()).thenReturn(rejected);
    when(connection.bind(contains(bindDnException), anyString())).thenThrow(rejection);

    return connection;
}
/**
 * Creates a new LDAP connection based on the JSON specification and, when a bind request is
 * configured, authenticates it with that request.
 *
 * @return The LDAP connection that was created. It is bound only if a bind request is
 *         configured; otherwise it is returned unauthenticated.
 *
 * @throws LDAPException If a problem is encountered while trying to establish or authenticate
 *                       the connection. On a failed bind the connection is closed before the
 *                       exception is rethrown.
 */
public LDAPConnection createConnection() throws LDAPException {
    final LDAPConnection connection = createUnauthenticatedConnection();
    if (bindRequest == null) {
        return connection;
    }

    try {
        connection.bind(bindRequest);
        return connection;
    } catch (final LDAPException bindFailure) {
        Debug.debugException(bindFailure);
        // Do not hand out or leak a connection whose authentication failed.
        connection.close();
        throw bindFailure;
    }
}
/**
 * With two base DNs configured, a bind is attempted against both and the request is passed down
 * the filter chain once one of them succeeds. The mocked connection rejects binds for
 * "exceptionBaseDn" by exception and accepts binds for "successBaseDn".
 */
@Test
public void shouldApplyFilterToAuthenticatedUserWithAdditionallyConfiguredBaseDn()
        throws IOException, ServletException, GeneralSecurityException, LDAPException {
    // given
    final LdapProperties properties = ldapProperties(
            "someHost",
            389,
            asList("exceptionBaseDn", "successBaseDn"),
            null,
            "someRdnIdentifier",
            singletonList("/internal"),
            StartTLS,
            WHITELISTED_PATH);
    final LdapConnectionFactory factory = mock(LdapConnectionFactory.class);
    final LDAPConnection connection =
            someLdapConnectionReturningSuccessOrThrowingBindException("successBaseDn", "exceptionBaseDn");
    when(factory.buildLdapConnection()).thenReturn(connection);
    testee = new LdapAuthenticationFilter(properties, factory);

    // when
    final HttpServletRequest authorizedRequest = requestWithAuthorizationHeader();
    when(authorizedRequest.getServletPath()).thenReturn("/foo");
    final FilterChain chain = mock(FilterChain.class);
    testee.doFilter(authorizedRequest, response, chain);

    // then: both base DNs were tried (order is not asserted) and the chain continued
    verify(connection).bind(contains("exceptionBaseDn"), anyString());
    verify(connection).bind(contains("successBaseDn"), anyString());
    verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
connection.bind(bindRequest[serverIndex]);
connection.bind(bindRequest);
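/**
 * Opens a fresh connection to {@code serverHost:serverPort}, optionally binds as {@code bindDN},
 * runs the search and closes the connection again.
 *
 * @param request  the search to execute
 * @param bindDN   DN to bind as before searching, or {@code null} to search without binding
 * @param password password for {@code bindDN}; only used when {@code bindDN} is not {@code null}
 * @return the search result, or {@code null} if connecting, binding or searching failed
 */
protected SearchResult execute(SearchRequest request, String bindDN, String password) {
    LDAPConnection connection = null;
    try {
        if (allowAllSocketFactory) {
            // SECURITY: TrustAllTrustManager accepts any server certificate, so the TLS session
            // is encrypted but the server is not authenticated. Anyone able to intercept the
            // connection can read the bind password sent below. Keep this flag for test setups
            // only; production should use a trust manager backed by a trust store.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            connection = new LDAPConnection(sslUtil.createSSLSocketFactory(), serverHost, serverPort);
        } else {
            // NOTE(review): this branch opens a plain socket and no StartTLS is visible in this
            // method, so the bind password appears to travel unencrypted - confirm.
            connection = new LDAPConnection(serverHost, serverPort);
        }

        if (bindDN != null) {
            BindResult auth = connection.bind(bindDN, password);
            if (!auth.getResultCode().isConnectionUsable()) {
                // Logged only; the search below is still attempted, as before.
                log.error("Connection not usable, result code : " + auth.getResultCode());
            }
        }
        return connection.search(request);
    } catch (LDAPException le) {
        // Failed user binds are expected and not logged as errors. The null check keeps a
        // message-less exception from turning into a NullPointerException inside this handler.
        // NOTE(review): matching on the message prefix is brittle; the exception's result code
        // would be a more stable discriminator.
        String message = le.getMessage();
        if (message == null || !message.startsWith("Unable to bind as user ")) {
            log.error(message, le);
        }
    } catch (GeneralSecurityException gse) {
        log.error(gse.getMessage(), gse);
    } finally {
        if (null != connection) {
            connection.close();
        }
    }
    return null;
}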
BindResult bindResult = ldapConnection.bind( ldapProperties.getRdnIdentifier() + "=" + credentials.getUsername() + "," + ldapProperties.getBaseDn(),
try bindResult = ldapConnection.bind(bindRequest);
/**
 * Builds the connection for this object, binds with the configured DN and password and reports
 * the outcome to {@code handler}.
 *
 * @param handler receives the bind outcome (via {@code evalBindReturn}) or, for unexpected
 *                failures, an error result wrapping the exception
 */
public void connect(final IAsyncResultHandler<ILdapResult> handler) {
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);

        final String bindDn = config.getBindDn();
        final String bindPassword = config.getBindPassword();
        final BindResult outcome = connection.bind(bindDn, bindPassword);

        evalBindReturn(outcome.getResultCode(), outcome.getDiagnosticMessage(), null, handler);
    } catch (LDAPException ldapFailure) {
        // NOTE(review): unlike the generic branch below, the connection is not released here -
        // confirm that it is closed elsewhere after a failed bind.
        // NOTE(review): the exception message is forwarded as-is; check that it is not echoed
        // to untrusted clients, since it can contain directory details.
        evalBindReturn(ldapFailure.getResultCode(), ldapFailure.getMessage(), ldapFailure, handler);
    } catch (Exception unexpected) {
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(unexpected));
    }
}
final BindResult bindResult = conn.bind(bindRequest); setResponseControls(bindResult); if (bindResult.getResultCode() == ResultCode.SUCCESS)
/**
 * Establishes {@code connection} through the connection factory, performs a bind using the
 * DN and password from {@code config}, and hands the result to {@code handler}.
 *
 * @param handler callback notified with the evaluated bind result, or with an error result if
 *                something other than an {@link LDAPException} is thrown
 */
public void connect(final IAsyncResultHandler<ILdapResult> handler) {
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        final BindResult bound = connection.bind(
                config.getBindDn(),
                config.getBindPassword());
        evalBindReturn(
                bound.getResultCode(),
                bound.getDiagnosticMessage(),
                null,
                handler);
    } catch (LDAPException bindError) {
        // The exception's result code and message are evaluated the same way as a bind result.
        // NOTE(review): this path leaves the connection untouched; verify that a caller closes
        // it, otherwise a rejected bind keeps the socket open.
        evalBindReturn(bindError.getResultCode(), bindError.getMessage(), bindError, handler);
    } catch (Exception other) {
        // Anything else marks the connection as defunct and is reported as an error result.
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(other));
    }
}
/**
 * Performs a one-off bind with the DN and password from {@code config}, reports the outcome to
 * {@code handler} and releases the connection again.
 *
 * @param socketFactory socket factory passed to the connection factory
 * @param config        supplies the connection settings, bind DN and bind password
 * @param handler       receives the evaluated bind outcome, or an error result for unexpected
 *                      failures
 */
public static void bind(SSLSocketFactory socketFactory, LdapConfigBean config,
        IAsyncResultHandler<ILdapResult> handler) {
    LDAPConnection connection = null;
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);

        final String bindDn = config.getBindDn();
        final String bindPassword = config.getBindPassword();
        final BindResult outcome = connection.bind(bindDn, bindPassword);

        evalBindReturn(outcome.getResultCode(), outcome.getDiagnosticMessage(), null, handler);
        LDAPConnectionFactory.releaseConnection(connection);
    } catch (LDAPException ldapFailure) {
        // Bind failures normally arrive here as exceptions, but an exception may also carry a
        // non-error outcome, so it goes through the same evaluation as a regular result.
        evalBindReturn(ldapFailure.getResultCode(), ldapFailure.getMessage(), ldapFailure, handler);
        // NOTE(review): connection is still null if build() itself threw - confirm that the
        // release helper tolerates a null connection.
        LDAPConnectionFactory.releaseConnectionAfterException(connection, ldapFailure);
    } catch (Exception unexpected) {
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(unexpected));
    }
}
/**
 * Binds once against the directory described by {@code config} and notifies {@code handler}.
 * The connection is obtained from and returned to {@code LDAPConnectionFactory} within this
 * call; it is never handed to the caller.
 *
 * @param socketFactory socket factory used when building the connection
 * @param config        configuration providing the bind DN and bind password
 * @param handler       callback for the evaluated bind result or for an error result
 */
public static void bind(SSLSocketFactory socketFactory, LdapConfigBean config,
        IAsyncResultHandler<ILdapResult> handler) {
    LDAPConnection connection = null;
    try {
        connection = LDAPConnectionFactory.build(socketFactory, config);
        final BindResult bound = connection.bind(
                config.getBindDn(),
                config.getBindPassword());
        evalBindReturn(
                bound.getResultCode(),
                bound.getDiagnosticMessage(),
                null,
                handler);
        LDAPConnectionFactory.releaseConnection(connection);
    } catch (LDAPException bindError) {
        // Errors usually surface as exceptions; the result code decides how they are reported,
        // because an exception does not necessarily mean the bind outcome is an error.
        evalBindReturn(bindError.getResultCode(), bindError.getMessage(), bindError, handler);
        LDAPConnectionFactory.releaseConnectionAfterException(connection, bindError);
    } catch (Exception other) {
        // NOTE(review): this branch also catches runtime exceptions thrown by the handler
        // inside evalBindReturn, in which case the handler is invoked a second time - confirm
        // that handlers cope with that.
        LDAPConnectionFactory.releaseDefunct(connection);
        handler.handle(AsyncResultImpl.<ILdapResult>create(other));
    }
}